Forensic Blogs

An aggregator for digital forensics blogs

November 15, 2019 by LCDI

Application Analysis Blog 1

What is Application Analysis?

Artifacts are a subject of fascination, full of information from their time and location. An application leaves markers on systems that often go undetected by the user. These digital artifacts are small bits of information, ranging from profile icons to private messages. This information could be a threat: if someone else gets into your system, they might be able to unearth information that could allow them to steal from or impersonate you. That makes it crucial that any consumer be aware of their apps' security.

The goal of this project is to find out what information remains after one removes an app from the system. Through this, we can learn what programs are secure and prevent any security risks.


Browsers and User Privacy

In the first few weeks of the semester, we spent time examining the artifacts left by internet browsers. Through this, we uncovered a treasure trove of information in the “AppData” folder. This folder is where every desktop application stores its information. Because it’s deemed unnecessary for user interaction, the AppData folder is full of user input for most programs. If a normal consumer stumbled upon this, it wouldn’t mean much to them. However, these are all the juicy bits of data that were part of your account on a program. This could be very useful for someone trying to take control of your accounts. For example, one of the files within this folder holds your Cookies, small temporary files that are responsible for holding small, session-long pieces of data.

We took a look at the browser Firefox, made by the company Mozilla. There are three folders under AppData: Local, LocalLow, and Roaming. The browser stores data that it accesses in a local server so that it can access it again, like your browser homepage.

Your credit card information that was put into Amazon is held in that file, as is your Facebook password. This is a risk for everyone and it needs to be addressed to make users more aware of their safety online and offline.

An image of the information under the Firefox tab in Roaming


What types of applications will we be looking at? 

After working with browsers, we started researching other applications to investigate. We decided to investigate Steam, Google Drive, Dropbox, Viber, and Twitter. Steam is a popular PC gaming platform that, as of April 2019, has a billion accounts and 90 million users. It’s important that such a giant in the video game industry keeps its users’ information private. Google Drive is similar to Dropbox, but is better funded and more used. We are curious to see how much of a difference this makes security-wise for each user. Viber is a small Peer-to-Peer (P2P) application for smartphone and desktop use. P2P gives users equal permissions, allowing for fast data movement. Finally, Twitter is a large worldwide social media application that has had a history of insecurity in its system.

Conclusion

During the course of this semester, we will install these desktop applications on our virtual machines. Doing this will generate data from the program into the AppData folder. After this, we will completely uninstall the applications from the system and investigate the leftover data, analyzing the trail of data to see if one could abuse it.
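The install, uninstall, and compare workflow described above can be reduced to two hashed snapshots of the AppData tree and a diff between them. The following is an added example, not code from the original post or the LCDI project; the application name `ExampleApp`, the file names, and the temporary directory standing in for AppData are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[path.relative_to(root).as_posix()] = digest
    return state

def residue(baseline, after_uninstall):
    """Files present after uninstall that are new or differ from the baseline."""
    left_behind = sorted(p for p in after_uninstall if p not in baseline)
    changed = sorted(p for p in after_uninstall
                     if p in baseline and after_uninstall[p] != baseline[p])
    return {"left_behind": left_behind, "changed": changed}

def demo():
    """Constructed stand-in for an AppData tree; 'ExampleApp' is hypothetical."""
    with tempfile.TemporaryDirectory() as tmp:
        appdata = Path(tmp)
        for sub in ("Local", "LocalLow", "Roaming"):
            (appdata / sub).mkdir()
        shared = appdata / "Local" / "shared.dat"  # exists before the install
        shared.write_bytes(b"baseline")
        baseline = snapshot(appdata)

        # "Install and use" the application: it writes a cache and a profile.
        cache = appdata / "Local" / "ExampleApp" / "cache.bin"
        profile = appdata / "Roaming" / "ExampleApp" / "cookies.sqlite"
        for f in (cache, profile):
            f.parent.mkdir(parents=True)
            f.write_bytes(b"constructed sample data")
        shared.write_bytes(b"baseline + app entry")

        # "Uninstall": the uninstaller removes its cache but not the profile.
        cache.unlink()
        cache.parent.rmdir()
        return residue(baseline, snapshot(appdata))

if __name__ == "__main__":
    print(demo())
```

On a real examination, `snapshot` would be pointed at the AppData directory of a mounted VM disk image rather than a live system, since running applications can hold files locked.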

We will start next week with analyzing our first application, and we will be sure to let everyone know the verdict on our next blog!

 

Stay up to date with Twitter, Instagram, and Facebook by following @ChampForensics so you always know what we’re up to!

 

The post Application Analysis Blog 1 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Analysis, application, Application Analysis, Champlain College, Internship, Projects, Student, Student Work, Students, Uncategorized, Update, windows

September 20, 2019 by LCDI

Internet of Things at Magnet User Summit 2019

INTRODUCTION

During the first week of April, I had the privilege of attending the Magnet User Summit in Nashville, Tennessee. Previously held as a separate training right before or after EnFuse in Las Vegas, the Magnet User Summit is a two-day conference put on by Magnet Forensics. It features talks and hands-on labs covering a wide gamut of topics within the field of digital forensics. I’m grateful for the chance to attend, as the keynotes and lecture sessions were all enjoyable. I learned so much about the field of digital forensics directly from industry professionals.

INTERNET OF THINGS FORENSICS

One of the favorite sessions I attended was actually my first session, which was “Internet of Things Forensics”, presented by Jon Rajewski, the director of the LCDI. During the roughly hour-long talk, Jon talked about a number of popular Internet of Things (IoT) devices, including the Amazon Echo, Facebook Portal, and the Nest suite of smart home devices. Jon went into detail about each of the devices and his findings about them as a forensic investigator.

One of the more intriguing products Jon discussed was the Facebook Portal. Jon found that the Facebook Portal ran Android and accessed Facebook via a web portal rather than an application like on our phones. He went into detail about several IoT devices and showed the findings from the LCDI. The culmination of this work is an IoT artifact reference which they’ll release for open use. Through attending Jon’s talk, I learned a lot about the inner workings of IoT devices and their true security.

CONCLUSION

As the Magnet User Summit drew to a close, it was a bit bittersweet to leave. Besides the fact that Nashville neared 75 degrees unlike Burlington, I had an incredible opportunity to learn. I gained more knowledge about digital forensics and networked with industry professionals! I am incredibly thankful to Champlain College, the LCDI, and Magnet Forensics for the opportunity to attend this year’s summit. Hopefully I’m able to attend another conference next year!

 

Blog written by Champlain College’s Jackson Wajer.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Internet of Things at Magnet User Summit 2019 appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: Amazon Echo, Champlain College, conference, Events, Facebook Portal, Internet of Things, LCDI, Magnet, Magnet Forensics, Projects, Student

September 20, 2019 by LCDI

Magnet User Summit 2019: Solving Cyber Crimes with the University of Notre Dame

Mitch Kajzer presented this talk at the Magnet User Summit. He is the director of the Cyber Crimes Unit in St. Joseph County, Indiana, and also an adjunct professor at Notre Dame. He talked about the changing nature of digital forensic investigations and how police agencies need to adapt. Technology is now involved in most crimes because each person has an average of 4.3 internet-connected devices. Typically, major cases get the forensic attention, which prevents some digital forensics exams from happening. When exams do happen, some have backlogs and wait times of months to years. The solution in St. Joseph County was to enlist the help of college students.

Partnering with the University of Notre Dame

Mitch talked about the partnership that the Cyber Crimes Unit has with the University of Notre Dame. They have a paid internship where students of any major train and receive background education in digital forensics and get to work in the Cyber Crimes Unit.

All students are sworn police investigators who work on the same cases officers work on. They provide analysis on digital devices, write search warrants, execute them, and even appear in court. Students are involved in 95% of the cases in the department, are primary investigators in about a third of these cases, and conduct 65% of all digital examinations. Mitch said that the students leverage AXIOM a lot for their investigations, and that it helps to create portable cases to show the digital analysis results to the officer/detective assigned to the case.

Since starting, St. Joseph County’s Cyber Crime Unit has gone from a turnaround of fourteen days and a backlog of thirty cases, to now having a turnaround of only four hours and no backlog at all. Students are having a direct impact on the digital investigations, and are solving cases by themselves. In addition, most of the intern workforce has been women, which is awesome for getting more women into this field. I asked Mitch at the end of the presentation whether or not there was a legal implication for all this. Does the evidence students find hold up in court? He told me there have been no implications because of the extensive training and certification all interns receive.

Conclusion

I think this model is really amazing and can clearly change the way digital investigations are done within police departments. I hope the country catches on to what incredible work is coming from the partnership between Notre Dame and St. Joseph County’s Cyber Crime Unit. I also think it would be interesting to see this model implemented in Burlington itself with Champlain students, especially those working at the Leahy Center for Digital Investigation (LCDI). The LCDI already does investigative work, but I think that if there was a partnership with the Burlington Police Department, it would help students gain real-life experience while helping out the local community.

 

Blog written by Champlain College fi-year Madi Brumbelow.

Be sure to check us out on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @Champlainforensics to see other important information pertaining to our project!

The post Magnet User Summit 2019: Solving Cyber Crimes with the University of Notre Dame appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

Read the original at: The Leahy Center for Digital Forensics & Cybersecurity

Filed Under: Digital Forensics, Uncategorized

Tagged With: axiom, Champlain College, cybercime, Events, LCDI, Magnet, Magnet Forensics, Police, Student, Student Work, Students, university of notre dame


About

This site aggregates posts from various digital forensics blogs. Feel free to take a look around, and make sure to visit the original sites.


All content is copyright the respective author(s)